Companies are experiencing loss of revenue and brand equity due to device clones and unauthorized production of products. The target of this cloning activity is to leverage research and development of original equipment manufacturers (OEMs) illegally to offer similar and competing products at a lower cost which results in significant loss of profit and brand equity to the OEM. Examples include:
Non-branded Systems: Hardware designs are stolen and clone systems are built at lower quality. The manufacturers of such cloned systems also copy the software from the original product and offer a complete system (e.g., non-branded servers and routers) at very low cost.
Business Model Interruption: Hackers change the functionality of existing systems to behave and performance non-intended functions that disrupt the business model of OEMs. An example is the iPhone® which is currently licensed to work with only one service provider's network. Hackers have enabled the iPhone to be used with other service provider networks.
Overbuilding: Contractors can overbuild equipment beyond the OEM's order and sell the unauthorized equipment with the same brand but with lower price and no revenue to the OEM.
The Trusted Computing Group (TCG) is an industry group including component vendors, software developers, systems vendors and network and infrastructure companies that develops and supports open industry specifications for trusted computing across multiple platform types. TCG has defined a Trusted Platform Module (TPM) specification for microcontrollers that store keys, passwords and digital certificates. Security processes, such as digital signature and key exchange, are protected through the secure TCG subsystem. Access to data and secrets in a platform could be denied if the boot sequence is not as expected. Critical applications and capabilities such as secure email, secure web access and local protection of data are thereby made much more secure. The TPM is not capable of con-trolling the software that is executed. The TCG subsystem can only act as a ‘slave’ to higher level services and applications by storing and reporting pre-runtime configuration information. Other applications determine what is done with this information. At no time can the TCG building blocks ‘control’ the system or report the status of applications that are running.